cyber_sectechfandomcom-20200214-history
Cryptography
Introduction In simple terms, cryptography is a method of taking information and converting it into a format that cannot be read by another person or machine to understand its contents. The main objective is that only the sender and receiver of the information should be able to decrypt the information and make it impossible for someone to break the encryption https://www.techopedia.com/definition/1770/cryptography. Cryptography has been around for centuries and over time has evolved immensely. Cryptography mainly relies on some sort of algorithm to determine how information is scrambled or hidden from unauthorized individuals. As these algorithms emerged, people have put a lot of time and effort into understanding and breaking the encryption. In the digital age, cryptography plays a crucial role in protecting and enforcing data privacy. It is used to transfer information and files over a network securely and also store data data securely. Cryptography also plays a role in authentication when we log into accounts and to also access information in storage. Without cryptography, information and storage today would constantly fall victim to cyber attacks and billions of Dollars in damages and losses would be critical problem. Although cryptography has become a milestone in the digital era with regards to securing data and files, its very attributes have also been exploited by malicious hackers to carry out cyber crimes and inflict serious damage to their targets. This is found in the form of ransomware which is a malware designed to encrypt a wide range of files and force the victim to pay a ransom to get their files back. __TOC__ Encryption and Decryption Encryption Encryption is the process of concealing or scrambling information in a manner that no human or machine can read it and only the recipient of the information is able to decrypt the information http://study.com/academy/lesson/what-is-encryption-definition-types-methods.html. There are a wide range of encryption types that can be used to encrypt information, most of which can be broken within seconds, which is why each new encryption is often more complex and sophisticated than the last. Decryption Decryption is the process of taking encrypted information and reverting it back to its original format so that it can be read by human or machine https://www.computerhope.com/jargon/d/decrypti.htm. This is often done by reverse engineering the encryption algorithm, however more modern and sophisticated encryption algorithms cannot simply be reverse engineered to decrypt information. History The First Cipher (ca. 600 B.C) One of the earliest examples of cryptography can be attributed to the Atbash cipher developed by Hebrew scholars almost 2700 years ago. This cipher was implemented by writing out the alphabet on one line, and writing it again in reverse underneath http://practicalcryptography.com/ciphers/atbash-cipher-cipher/ as so: Each letter in the message would be substituted with the letter in the second row. So "A" would written as "Z", and "B" would be written as "Y" and so on. However, even back in its day, this cipher offered no security because there was only one algorithm to the cipher and therefore was easy to break. Caesar Cipher (ca 100 A.D) The Caesar cipher was a similar cipher to the Atbash cipher but instead of reversing the alphabet on the second row, it would be written again normally but would be shifted a certain number of places to the left to encrypt a message https://learncryptography.com/classical-encryption/caesar-cipher. So if we had to encrypt a message with a shift three places to the right, "A" would become "D", "B" would become "E", "C" would become "F", and so on: This makes it a bit more secure than Atbash cipher, however there are only 25 unique shifts which means the cipher is still easy to break and with today's powerful processing power of computers, a brute force attack could take seconds to determine shift of the cipher. The First Polyalphabetic Cipher (1467) The famous Renaissance cryptographer, Leon Battista Alberti is often credited for inventing the first machine used to encrypt messages, which was also referred to as the Alberti Cipher Disk. This is also one of the first ciphers to incorporate numbers with letters when encrypting messages. At the time this was the most secure form of cryptography and was relatively difficult to break. Unless someone knew what method was used to encrypt the message, it would be impossible to reverse engineer the cipher by hand. Put into a table format, the standard algorithm appears as follows: The top row with the upper-case letters (outer ring) represent the plain text letters of the message, and the lower-case letters in the second row represent the substitution letters (inner-ring). You will also notice that the letters "H", "J", "K", "U" and "Y" are missing, this was done to help prevent patterns from occurring and make it harder to determine what algorithm was used http://goto.pachanka.org/crypto/alberti-cipher-disk/. So if the plain text contained letters that were missing on the disk, they had to be removed or replaced in the plain text message firsthttps://vcrypto.tonyo.info/venetian_crypto/website/index.php/alberti. Vigenère Cipher (1553) The Vigenère Cipher was a complex polyalphabetic cipher that makes use of multiple layers of the Caesar Cipher except it makes use of a specific keyword to determine what shifts to use. Despite its simple application, it took over 300 years before theories came up as to how to decipher messages without knowing the key and it remained unbreakable for that time. It has been recommended to make the key the same length as the message, and this was achieved by repeating the key over and over as one word until it was the same length as the message, or use an entire phrase as a key http://www.counton.org/explorer/codebreaking/vigenere-cipher.php. The Jefferson Disk Cipher (1795) The Jefferson Disk Cipher was similar to the Alberti Cipher Disk but was altered to help strengthen the encryption. The mechanism consisted of around 36 disks, each with all 26 letters of the alphabet marked on them, each disk having the alphabet arranged in a different order. This disks were marked with a unique number and placed on an axle with the unique numbers being the key. The disks could be taken off the axle and reordered as desired http://www.cryptomuseum.com/crypto/usa/jefferson/index.htm. The recipient of the message would have to know the key used and arrange their disks accordingly. The lines of the message would be spelled out along the disks and the letters underneath each of the message's letters would be used as the encrypted format. The recipient would take the first line of the message and turn the cylinders until they find readable text appear across the cylinders https://www.monticello.org/site/research-and-collections/wheel-cipher. First Implementation of Stream Cipher (1917) Stream ciphers are regarded as symmetric-key ciphers, because they use the same key to encrypt and decrypt information. The plain text message is combined with a pseudorandom keystream (a stream of characters mixed with a plain text message to create an encrypted message). A message is encrypted one byte at a time by taking a byte from the plain text message and combining it with a byte from the key by means of an exclusive-or (XOR) function https://blogs.msdn.microsoft.com/drnick/2006/07/21/how-stream-ciphers-work/. When the message needs to be decrypted, this process is essentially reversed using the same key that was used to encrypt the message. KW-26 - First Electronic Encryption (1957) In the past, encryption systems relied on mechanical rotors and switches to convert plain text messages into encrypted messages by substituting the plain text characters with other characters on the rotors. In 1957, the National Security Agency (NSA) developed the KW-26 which was one of the first electronic encryption systems to be used. Still based on the stream cipher, the NSA developed the algorithm used in the KW-26 and a key card would be entered to encrypt the message. However if the same key card was used more than once, there was a good chance the cipher could be broken http://www.jproc.ca/crypto/kw26.html. The KW-26 would send message bits in one continuous stream, making it impossible to intercept the stream and determine when a message started or ended, therefore this provided traffic flow security. First Block Cipher (1973) Block ciphers became part of the symmetric cipher structure, but instead of encrypting one bit at a time, it grouped bits into a fixed-length, called a block, and encrypted that block of data http://searchsecurity.techtarget.com/definition/block-cipher. Block cipher was designed by Horst Feistel while working at IBM and was first seen in the form of IBM's Lucifer cipher, which could encrypt blocks up to 128 bits in size at a time. Feistel's cipher became the foundation for a wide range of other block ciphers that followed after the Lucifer cipher. Data Encryption Standard (1976) The Data Encryption Standard (DES) is an encryption that was endorsed by the National Institute of Standards and Technology (NIST) with consultation from the NSA. It made use of a 56 bit key size and a 64 bit block size, and it became the standard cipher for encrypting government documents both in storage and transmission https://www.britannica.com/topic/Data-Encryption-Standard. Financial organizations and systems soon adopted DES as a means of encrypting transactions and data storage, and even though there are more secure ciphers now, there are still a few financial systems that use DES to this day. There were a number of enhanced variants of DES that were released as the initial version became easier to break. RSA Encryption Invented (1977) The Rivest-Shamir-Adleman (RSA) cryptosystem is one of the first cryptosystems to make use of public key encryption. To this day it still plays a significant role in securing data transmissions over the internet. The public key is generated by multiplying two large prime numbers https://brilliant.org/wiki/rsa-encryption/. The sender would use the recipient's public key (which is publicly available) to encrypt the message. The recipient would then use their private key (which is only known to them) to decrypt the message. Quantum Cryptography Demonstrated in Proof-of-Principle Experiment (1989) Quantum cryptography is a new form of cryptography which is still mostly theoretical, but instead of being based on mathematics, it's based on exploiting physics. This concept is aimed at encrypting data in transit and decrypting it once it's received by the recipient, and it is ultimately, but theoretically, believed to be unhackable https://www.popsci.com/what-is-quantum-cryptography. Petty Good Privacy Program Launched (1991) The Pretty Good Privacy (PGP) is an encryption software used to encrypt and authenticate data communication. This software also makes use of public keys to encrypt data and is often found on certain email and online chat services. Some dark web websites use it as one of its layers of security for users to communicate securely and anonymously on their forums and chat rooms. It essentially compresses plain text and uses public key encryption to help strengthen the security of the data. A session key is sent with the encrypted text to the recipient which will be used to decrypt the data https://users.ece.cmu.edu/~adrian/630-f04/PGP-intro.html#p10. Secure Socket Layer Protocol Released (1994) Secure Socket Layer (SSL) is a network security protocol that was initially developed in 1994, but it was only fully implemented in 1996 as the first two version had such significant security flaws that they were regarded as high risk to use http://searchsecurity.techtarget.com/definition/Secure-Sockets-Layer-SSL. It's main purpose was to secure connections between network clients and servers over the internet. It made use of symmetric and public key encryption mechanisms to encrypt data before it was sent over the internet. Rivest Cipher 4 (1994) Rivest Cipher 4 (RC4) was a simple and fast stream cipher that makes use of a shared key algorithm https://www.vocal.com/cryptography/rc4-encryption-algoritm/. This means that the key used to encrypt the data is the same key used to decrypt the data, which by today's standards makes it highly insecure to use. It was used in protocols such as SSL, wired equivalent privacy (WEP) and PDF files https://paginas.fe.up.pt/~ei10109/ca/rc4.html. Advanced Encryption Standard (1998) Advanced Encryption Standard (AES) was a new cryptosystem that essentially replaced DES as it was more secure when it came to encrypting data. It has become the standard encryption in many applications, hardware and web services. The data is encrypted in blocks of 128 bits and use key sizes of 128, 192 and 256 bits http://searchsecurity.techtarget.com/definition/Advanced-Encryption-Standard. It makes use of a four by four matrix of bytes which goes through a four step process per block. The block is substituted by a fixed table in the design. The rows of the matrix are then shifted, with the first row not shifting at all, the second row shifting one position to the left, the third row shifting two places to the left and the fourth row shifted three places to the left. This now creates a new matrix of the same bytes. AES then uses a special mathematical function that mixes up the columns by taking the input of four bytes of one column and produces four new bytes to replace that column. The key is then implemented and where it gets XORed with the matrix to complete the encryption process https://www.tutorialspoint.com/cryptography/advanced_encryption_standard.htm. Recent Times (2000 - Present) In the last twenty odd years, AES has remained the common standard of encryption but over time more and more methods of attack have been theorized and demonstrated against AES. Cryptography continues to improve and become more complex in order to avoid being broken and ensure strong reliable security. As new ciphers appear, researchers and malicious hackers will work hard to decipher and break these ciphers. There is currently high hopes for the potential security value in quantum cryptography, with many feeling it cannot be hacked, yet there are some experts that argue quantum cryptography can be broken and will be broken at some point in time. Where It's Used In today's times, cryptography is used in just about everything digital but the two main aspects it is used is when data is in storage and when data is being transmitted. Information has become extremely valuable to cyber criminals because of the wide range of attacks and criminal activities they can commit such as steal funds from bank accounts, identity theft, selling stolen consumer details and login credentials, determining and exploiting vulnerabilities, pirating software and media, etc. Below is a list of some of the systems and services that use cryptography: Web communications This uses Transport Layer Security (TLS), which is a cryptographic protocol designed to ensure data privacy and integrity while data is being transferred over the internet. But it should be noted that the internet itself was initially designed with no security at all. There is currently a massive drive to try and change this and in the past 20 years, only around 50% of the internet is encrypted. ATMs Automated teller machines around the world use different encryption algorithms but initially they used DES (and some still do), but this has proven to be highly insecure as DES on ATMs has been broken very easily with today's available processing power. By 2002 ATMs began using Triple Data Encryption Standard (3DES) which essentially ran the DES algorithm three times to encrypt data. This increased the key length and made it much harder to break. Since 2003 ATMs are now using the more secure AES encryption algorithm https://itstillworks.com/encryption-used-atm-machine-11369995.html. CDs and DVDs Movie and music disks are also encrypted to an extent to help prevent piracy and illegal copying of the content on the disk. Initially hey used a content scrambling system to encrypt the disk contents but three years after its release, the encryption was broken and could easily be decrypted in under a minute. Disks now use Advanced Access Content System which uses AES encryption, however this implementation is still broken relatively easily with the right tools and expertise. Login Passwords When you login into your online banking, Facebook account or even your operating system, the password that you enter is first hashed before the system checks if it is correct. A cryptographic hash is when data is encrypted but it cannot be decrypted afterwards. When you set your password, the system creates a hash of that password and stores the hash. Each time you enter a password in, the system hashes is and compares the hash of the plain text you entered to the hash stored in the database. The same plain text will produce the exact same hash string every time and therefore if even the slightest change is made, the hash will be different. Most services and applications use SHA1 or SHA2 hashes for their login systems. Wi-Fi Wi-Fi is one of the most commonly used forms of internet access in the world in both organizations and homes. Some Wi-Fi routers allow users to connect from quite a range and as a result it is common for a neighbor or someone driving past your home to pick up your Wi-Fi signal. As a result, attackers can easily intercept the Wi-Fi data being sent through these signals and any unencrypted data is available to them to read. Wi-Fi these days uses Wi-Fi Protected Access 2 (WPA2). This is currently the standard and very difficult to break, however there are a number of free tools that can break the encryption if enough packets are captured and analyzed to determine the key. Attack Methods There are a wide range of attacks to try break a cryptosystem in order to decrypt data without the key. Some basic or old attack methods are no longer successful as encryption procedures and systems have improved to protect against these attacks. But in the end the method of attack is often significantly influenced by the type of cryptosystem used https://www.tutorialspoint.com/cryptography/attacks_on_cryptosystems.htm http://www.tech-faq.com/known-ciphertext-attack.html http://www.crypto-it.net/eng/attacks/chosen-plaintext.html. Ciphertext Only Attack This method is used when the attacker has access to a set of cipher texts, but does not have access to the corresponding plain text. This can still help determine the plain text and in some cases it can be used to determine the key used to encrypt the plain text. However with modern cryptosystem this method often has unsuccessful and is more suitable for older cryptosystems. Chosen Plaintext Attack The attacker has plain text of choice encrypted which means they now have the plain text and cipher text to work with. This can make it a quite easy to determine the encryption key. This is often done by means of differential cryptanalysis used against block ciphers and hash functions. This method has been used as far back as World War II to break the Enigma machine's cipher and even today it can still successfully break cipher, including the RSA cipher. Dictionary Attack This is when a large list of cipher texts and corresponding plain texts collected by the attacker is compiled into a 'dictionary'. As this list grows, the probability of the attacker being able to decipher a text becomes easier. Brute Force Attack A brute force attack is when the size of the key is used to determine the possible number key combinations that could be used to encrypt the plain text. If a key is 16 bits in size, this makes it 216 which produces 65 536 different key combinations. The attack would then attempt using one key combination after another until the right key is used and the text is deciphered. Man in the Middle Attack A man in the middle attack is primarily targeted at public key cryptosystems. The attacker will intercept one user's request for a public key to another user and the attackers key gets sent back instead. Any data being sent using that public key can be read by the attacker, and the data then gets encrypted again with the sender's public key to so that the recipient still gets the data and communication between the two is maintained. Side Channel Attack This method focuses on exploiting vulnerabilities in the implementation of a cryptosystem. This could be poor key management, improper cryptosystem implemented, etc. This attack method will be successful provided there is human error present in the implementation of the cryptosystem. Fault Analysis Attack This attack method is targeted at vulnerabilities in the cryptosystem itself and the attacker will exploit these vulnerabilities to try acquire keys to decrypt information. These types of attacks are often quite severe and can result in highly sensitive information being compromised such as banking information, personal information and login credentials. Abuse of Cryptography Cryptography was developed to essentially scramble data and ensure its security from unauthorized personnel, and also to ensure data integrity. Ironically hackers have been able to turn this security feature into a weapon by means of ransomware. Ransomware usually makes use of RSA cryptography by encrypting a victim's files with a public key and then demand payment for the private key to decrypt the files, which often does not work. Ransomware is becoming an increasingly popular method of cyber attack at an alarming rate, with attack and spreading methods becoming more and more sophisticated to bypass detection and other security mechanisms. References Category:Glossary Category:Cryptography Category:Security